CVE-2023-25455

State: PUBLISHED · Published: 2024-12-09 · Updated: 2024-12-09 · Assigner: Patchstack

Description

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.

CWE

CWE-862 — CWE-862 Missing Authorization

Affected

miniOrange / WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) — v=n/a ≤7.6.0 [affected]

CVSS

3.1 score=5.3 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve vdb-entry

Source

cvelistV5-main/cves/2023/25xxx/CVE-2023-25455.json